Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Massive Data Breach At Equifax
#1
Oh lord!   tinywhat 


Quote:Credit-reporting company Equifax shocked investors, and more than a third of America, when it announced on Thursday afternoon that hackers had breached its data systems, compromising the personal information of approximately 143 million U.S. consumers. The information accessed "primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers." In other words, pretty much everything that should have been hidden behind an n-number of firewalls, is now available to the dark net's highest bidder. 

The company, which in delightful irony offers credit-monitoring and identity-theft protection products to "guard consumers’ personal information", said that it had learned of the incident on July 29, 2017, at which point it reported the intrusion to law enforcement and contracted a cybersecurity firm to conduct a forensic review: based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017. Oddly enough, it took shareholders and over a third of America, more than a month longer to learn that all their personal data may have been compromised.

As if 143 million leaked social security numbers wasn't enough, Equifax said that criminals also accessed credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers. But wait, there's more: the company also identified unauthorized access to limited personal information for certain UK and Canadian residents.

The good news, is that according to Equifax, "this issue has been contained." The bad news is that, well, as many as 143 million social security numbers have been hacked. So no, it's not contained.

“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do,” Equifax Chief Executive Richard Smith said in prepared remarks. “I apologize to consumers and our business customers for the concern and frustration this causes.”

In a Q&A posted on the company's website, the management team revealed what's really important with the following question and answer:

Read more here
#2
                     FYI:  Equifax says it won't bar consumers from joining breach-related lawsuits



Equifax, which yesterday announced a truly enormous breach, will not require affected consumers to forfeit their right to join a class action lawsuit against the company in order to receive credit protection. The company clarified the forced arbitration clause in its terms of service after outcry by consumer advocates, including New York Attorney General Eric Schneiderman, who called the requirement "unacceptable and unenforceable."

The company added the following to its FAQ for the TrustedID Premier program it is offering to those affected by the breach:

Quote:Do the TrustedID Terms of Use limit my options related to the cyber security incident?
The arbitration clause and class action wavier [sic] included in the TrustedID Premier Terms of Use applies to the free credit file monitoring and identity theft protection products, and not the cybersecurity incident.

In other words, if you use the service, any dispute regarding the service itself (e.g. the protections fail to work) would be forced into arbitration — but legal action relating specifically to the breach is not affected. I've contacted Equifax for more specifics, but their press office is likely being bombarded right now so it may be a while before they respond.
If you want to be extra sure you won't be bound by the arbitration clause, you can opt out by writing a snail mail letter to the company:

Quote:Timely written notice of opt out must be delivered to Equifax Consumer Services LLC, Attn.: Arbitration Opt-Out, P.O. Box 105496, Atlanta, GA 30348, and must include Your name, address, and Equifax User ID, as well as a clear statement that You do not wish to resolve disputes with Equifax through arbitration.

Don't worry, you don't get put on some kind of list. "Opting out of the arbitration provision will have no adverse effect on your relationship with Equifax or the delivery of Products to You by Equifax."
Note: I am not a lawyer or financial advisor. Equifax may change these terms or interpret them differently (which is why I asked for more information). If you are at all unsure about this, wait and see and take actions of your own, such as notifying your bank, getting a free credit report and watching for suspicious transactions.
In the meantime, you may not even be missing out on much: a recent GAO investigation of these kinds of services found that "companies often offer consumers affected by a data breach complimentary identity theft services for reasons other than mitigating the risk of identity theft, such as avoiding liability or complying with state law." And last week several members of the Committee on Energy and Commerce asked for a closer look at "whether private-sector and government entities have converged on suboptimal solutions for providing protection for consumers and whether better solutions ought to be pursued."

You can read the rest of the article here:  LINK


Forum Jump:


Users browsing this thread: 2 Guest(s)